Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/robbert229/jwt
This is an implementation of JWT in golang!
https://github.com/robbert229/jwt
Last synced: 20 days ago
JSON representation
This is an implementation of JWT in golang!
- Host: GitHub
- URL: https://github.com/robbert229/jwt
- Owner: robbert229
- License: mit
- Created: 2016-06-05T22:01:37.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2020-11-24T16:31:55.000Z (over 3 years ago)
- Last Synced: 2024-04-22T00:39:10.384Z (about 2 months ago)
- Language: Go
- Size: 32.2 KB
- Stars: 105
- Watchers: 9
- Forks: 28
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-go-security - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Web Framework Hardening)
- cybersecurity-golang-security - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Web Framework Hardening)
- awesome-go - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go - jwt
- awesome-go-with-framework - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- go-awesome-cn-star - jwt
- awesome-jwt - jwt - This is an implementation of JWT in golang. (Libraries / Go)
- awesome-go - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go - jwt - 简洁易用实现json web的令牌 (JWT)。 (<span id="身份验证和oauth-authentication-and-auth">身份验证和OAuth Authentication and Auth</span>)
- awesome-Char - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth / Contents)
- awesome-go. - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go - jwt - 簡單易用的一個JSON Web Tokens (JWT)的實現 (認證和授權)
- awesome-go-cn - jwt - 简单易用的一个JSON Web Tokens (JWT)的实现 (认证和授权)
- awesome-go - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth / Contents)
- awesome-go - jwt - A clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication & OAuth)
- awesome-reader - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go-cn - jwt
- awesome-go-handwritten - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go2 - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth)
- awesome-go - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). - :arrow_down:4 - :star:0 (Authentication and OAuth)
- awesome-go - jwt - Clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication and OAuth / Contents)
- awesome-go - jwt - A clean and easy to use implementation of JSON Web Tokens (JWT). (Authentication & OAuth)
- awesome-go-cn - jwt
- awesome-go-cn - jwt
- awesome-go - jwt - This is an implementation of JWT in golang! - ★ 50 (Authentication and OAuth)
README
[](https://travis-ci.org/robbert229/jwt) [](https://coveralls.io/github/robbert229/jwt?branch=master) [](https://goreportcard.com/report/github.com/robbert229/jwt) [](https://godoc.org/github.com/robbert229/jwt)
# jwt
This is a minimal implementation of JWT designed with simplicity in mind.
# What is JWT?
Jwt is a signed JSON object used for claims based authentication. A good resource on what JWT Tokens are is [jwt.io](https://jwt.io/), and in addition you can always read the [RFC](https://tools.ietf.org/html/rfc7519).
This implementation doesn't fully follow the specs in that it ignores the algorithm claim on the header. It does this due to the security vulnerability in the JWT specs. Details on the vulnerability can be found [here](https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/)
## What algorithms does it support?
* HS256
* HS384
* HS512
## How does it work?
### How to create a token?
Creating a token is actually pretty easy.
The first step is to pick a signing method. For demonstration purposes we will choose HSMAC256.
algorithm := jwt.HmacSha256("ThisIsTheSecret")
Now we need to the claims, and edit some values
claims := jwt.NewClaim()
claims.Set("Role", "Admin")
Then we will need to sign it!
token, err := algorithm.Encode(claims)
if err != nil {
panic(err)
}
### How to authenticate a token?
Authenticating a token is quite simple. All we need to do is...
if algorithm.Validate(token) == nil {
//authenticated
}
### How do we get the claims?
The claims are stored in a `Claims` struct. To get the claims from a token simply...
claims, err := algorithm.Decode(token)
if err != nil {
panic(err)
}
_, role := claims.Get("Role")
if strings.Compare(role, "Admin") {
//user is an admin
}
### How is it different from golang.org/x/oauth2/jwt?
This package contains just the logic for `jwt` encoding, decoding, and verification. The `golang.org/x/oauth2/jwt` package does not implement the `jwt` specifications. Instead it is specifically tied to `oauth2`, requiring a `TokenURL`, `email` and can only use a specific algorithm (RSA).